Title :
A dynamic taint tracking based method to detect sensitive information leaking
Author :
Weiming Li ; Yilin Yan ; Hao Tu ; Jia Xu
Author_Institution :
Network & Comput. Center, Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
Sensitive information leaking of network servers attacked by malwares or hackers is a serious security risk of Internet. The paper presents a dynamic taint tracking based method to automatically detect sensitive data leaking. The method automatically tags sensitive data as taint data and monitors the propagation of taint data in memory. If the sensitive data is sent by sockets or written into files, the method will alert and record detail leaking context. The whole process does not need modifying the network server source code or relying on particular server programming languages. The research is useful to improve security of all kinds of network. In the experiment part, successfully detecting the OpenSSL Heartbleed attack proves the effectiveness of the method.
Keywords :
Internet; security of data; Internet security risk; OpenSSL Heartbleed attack; dynamic taint tracking based method; hackers; malwares; sensitive data leaking detection; sensitive information leaking detection; server programming languages; taint data propagation; Cryptography; Internet; Monitoring; Network servers; Servers; Tagging; dynamic taint tracking; network security; sensitive information leaking;
Conference_Titel :
Network Operations and Management Symposium (APNOMS), 2014 16th Asia-Pacific
Conference_Location :
Hsinchu
DOI :
10.1109/APNOMS.2014.6996578
